Authorization Flaw in NeuVector's Admin Account
CVE-2025-8077

9.8CRITICAL

Key Information:

Vendor: Suse
Status: Neuvector
Vendor: CVE Published:; 17 September 2025

What is CVE-2025-8077?

A security flaw exists in NeuVector's versions up to and including 5.4.5, where a static string serves as the default password for the built-in 'admin' account. Without alteration of these credentials post-deployment, any component within a network-accessible workload can exploit the prevailing default credentials to gain an authentication token. This token provides the ability to make requests and manipulate resources via NeuVector APIs, potentially compromising the security of the entire system.

Affected Version(s)

neuvector 5.0.0 < 5.4.6

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-8077

https://github.com/neuvector/neuvector/security/advisorie...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jul 23, 2025

JSON

Suse

What is CVE-2025-8077?

Affected Version(s)

References

CVSS V3.1

Timeline